We have a 1720 with a WAN interface to the internet. We have NAT statements to map an external IP to an internal IP for access to services: email, www, etc.
I want to set up an access list to only open ports for the services needed. The way it is currently set up, there is a one-to-one NAT with all ports being mapped.
I entered an access-list statement like this: access-list 102 permit tcp any host EXTERNALIP eq smtp. When I do a port scan, it still shows all the open ports. Am I doing something wrong? There is another WAN interface that connects to a remote site.